We currently have an office with about 200 employees behind two Fortigate 90D HA A-A under FortiOS 5.2.13 and the CPU is often at 100% during business hours (I know the 90D isn't enough for that many employees). Only application control, web filtering and certificate inspection are activated for Internet traffic. The Internet traffic is about 10-20 MBPS at worst. We're looking to replace it with Fortigate 100E/200E or FortigateVM 02V.
What's the general opinion of having a Fortigate VM instead of 2 Fortigate in HA A-A doing the perimeter security? I know we lose the hardware acceleration, the HA and it creates a risk with VMware (problem with the disk, spikes in CPU, hardware problems, etc.).
For FGT-VM64, I was able to add a virtual hard disk that can be used for logging. You can also extend memory, but this depends on the license too (including CPU count). When scanning a specific virus sample, an ARM CPU could go to 100% (older/slower ARM CPU) but an Intel i7-4790K could only take ~3%. I was able to set up HA A-P mode for testing but HA A-A should work too. If the FGT-VM license expires or is not able to verify with FortiGuard, the CLI availability would become limited, unlike on an actual FGT hardware device. I was also able to mount the virtual hard disk, but the image is compressed so the /bin folder is empty.